Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 20 Dec 2012 15:41:17 +0000 (UTC)
From:      Paul Schmehl <pauls@utdallas.edu>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   ports/174592: security/sguil-sensor, port update
Message-ID:  <20121220154117.B36A3DCA82A@buttercup4.utdallas.edu>
Resent-Message-ID: <201212201550.qBKFo0HD070367@freefall.freebsd.org>

next in thread | raw e-mail | index | archive | help

>Number:         174592
>Category:       ports
>Synopsis:       security/sguil-sensor, port update
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Thu Dec 20 15:50:00 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     Paul Schmehl
>Release:        FreeBSD 8.3-STABLE amd64
>Organization:
The University of Texas at Dallas
>Environment:
System: FreeBSD hostname.utdallas.edu 8.3-STABLE FreeBSD 8.3-STABLE #2 r243378M: Wed Nov 21 22:16:38 UTC 2012 root@hostname.utdallas.edu:/usr/obj/usr/src/sys/GENERIC amd64


	
>Description:
	security/sguil-sensor, update port to version 0.8.0
	update to new OPTIONS framework and add LICENSE
>How-To-Repeat:
	
>Fix:

	

--- sguil-sensor.diff begins here ---
Index: Makefile
===================================================================
--- Makefile	(revision 309313)
+++ Makefile	(working copy)
@@ -6,8 +6,7 @@
 #
 
 PORTNAME=	sguil-sensor
-PORTVERSION=	0.7.0
-PORTREVISION=	3
+PORTVERSION=	0.8.0
 CATEGORIES=	security
 MASTER_SITES=	SF/sguil/sguil/sguil-${PORTVERSION}
 
@@ -15,104 +14,108 @@
 COMMENT=	Sguil is a network security monitoring program
 
 LIB_DEPENDS=	tls:${PORTSDIR}/devel/tcltls
-RUN_DEPENDS=	snort:${PORTSDIR}/security/snort \
-		barnyard2:${PORTSDIR}/security/barnyard2 \
+RUN_DEPENDS=	barnyard2:${PORTSDIR}/security/barnyard2-sguil \
 		${LOCALBASE}/lib/tclx8.4/tclx.tcl:${PORTSDIR}/lang/tclX
 
-OPTIONS=	SANCP "Include sancp sensor" off \
-		PADS "Include pads sensor" off
+OPTIONS_DEFINE=	PADS SANCP
+PADS_DESC=	Include pads sensor
+SANCP_DESC=	Include sancp sensor
 
+LICENSE_NAME=	QPLv1.0
+LICENSE_FILE=	${WRKSRC}/doc/LICENSE.QPL
+LICENSE_PERMS=	auto-accept
+
 NO_BUILD=	yes
-USE_RC_SUBR=	example_agent pcap_agent snort_agent
-TCLSH_CMD?=	tclsh8.4
+USE_RC_SUBR=	pcap_agent snort_agent
+TCL_VER=	8.5
+TCLSH=		tclsh${TCL_VER}
 WRKSRC=		${WRKDIR}/sguil-${PORTVERSION}
-SUB_LIST=	SGUILDIR=${SGUILDIR}
+PATCH_WRKSRC=	${WRKSRC}/sensor
+SGUILDIR?=	sguil-sensor
+SUB_LIST=	SGUILDIR=${SGUILDIR} TCLSH=${TCLSH}
 SUB_FILES=	pkg-message
 PLIST_SUB=	SGUILDIR=${SGUILDIR}
-SGUILDIR?=	sguil-sensor
-AGENTS=		example_agent.tcl pads_agent.tcl pcap_agent.tcl sancp_agent.tcl snort_agent.tcl
+AGENTS=		pcap_agent.tcl snort_agent.tcl
+CONFS=		pcap_agent.conf snort_agent.conf
+LOG_SCRIPTS=	log_packets-daemonlogger.sh log_packets.sh
+WITH_PCRE=	true
 
-PORTDOCS=	CHANGES FAQ INSTALL INSTALL.openbsd LICENSE.QPL \
-		OPENSSL.README TODO UPGRADE USAGE sguildb.dia
+PORTDOCS1=	README
+PORTDOCS2=	README.daemonlogger
+PORTDOCS3=	CHANGES FAQ INSTALL INSTALL.openbsd OPENSSL.README \
+		TODO UPGRADE USAGE sguildb.dia
 
-.include <bsd.port.pre.mk>
+.include <bsd.port.options.mk>
 
-WITH_PCRE=	true
-
-.if defined(WITH_SANCP)
+.if ${PORT_OPTIONS:MSANCP}
+AGENTS+=	sancp_agent.tcl pcap_agent-sancp.tcl
+CONFS+=		sancp_agent.conf sancp-indexed.conf pcap_agent-sancp.conf
 RUN_DEPENDS+=	sancp:${PORTSDIR}/security/sancp
-USE_RC_SUBR+=	sancp_agent
-PLIST_SUB+=	USESANCP=
+USE_RC_SUBR+=	sancp_agent pcap_agent-sancp
+PLIST_SUB+=	USESANCP=""
 .else
 PLIST_SUB+=	USESANCP="@comment "
 .endif
 
-.if defined(WITH_PADS)
+.if ${PORT_OPTIONS:MPADS}
+AGENTS+=	pads_agent.tcl
+CONFS+=		pads_agent.conf
 RUN_DEPENDS+=	pads:${PORTSDIR}/net-mgmt/pads
 USE_RC_SUBR+=	pads_agent
-PLIST_SUB+=	USEPADS=
+PLIST_SUB+=	USEPADS=""
 .else
 PLIST_SUB+=	USEPADS="@comment "
 .endif
 
 post-patch:
 .for f in ${AGENTS}
-	@${REINPLACE_CMD} -e 's:exec tclsh:exec ${PREFIX}/bin/${TCLSH_CMD}:g' \
+	@${REINPLACE_CMD} 's|/bin/sh|${PREFIX}/bin/${TCLSH}|' \
 		${WRKSRC}/sensor/${f}
-	@${REINPLACE_CMD} -e 's:/etc/:${PREFIX}/etc/${SGUILDIR}/:g' \
-		${WRKSRC}/sensor/${f}
 .endfor
 
 do-install:
 	@${MKDIR} ${PREFIX}/bin/${SGUILDIR}
 	@${MKDIR} ${PREFIX}/etc/${SGUILDIR}
-.for f in example_agent.tcl pcap_agent.tcl snort_agent.tcl
+	@${MKDIR} ${PREFIX}/share/${SGUILDIR}
+	@${MKDIR} ${PREFIX}/share/${SGUILDIR}/contrib
+	@${MKDIR} ${PREFIX}/share/${SGUILDIR}/init
+	(cd ${WRKSRC}/sensor/contrib && ${COPYTREE_SHARE} \* ${PREFIX}/share/${SGUILDIR}/contrib "! -name ossec_agent.tcl.orig")
+	(cd ${WRKSRC}/sensor/init && ${COPYTREE_SHARE} \* ${PREFIX}/share/${SGUILDIR}/init)
+.for f in ${AGENTS}
 	${INSTALL_SCRIPT} -m 751 ${WRKSRC}/sensor/${f} \
 		${PREFIX}/bin/${SGUILDIR}/${f}
 .endfor
-.for f in log_packets.sh
+.for f in ${LOG_SCRIPTS}
 	${INSTALL_SCRIPT} -m 751 ${WRKSRC}/sensor/${f} \
 		${PREFIX}/bin/${SGUILDIR}/${f}
 .endfor
-.for f in example_agent.conf pcap_agent.conf snort_agent.conf
+.for f in ${CONFS}
 	${INSTALL_DATA} ${WRKSRC}/sensor/${f} \
 		${PREFIX}/etc/${SGUILDIR}/${f}-sample
 .endfor
-.for f in log_packets.conf
-	${INSTALL_DATA} ${FILESDIR}/${f} \
-		${PREFIX}/etc/${SGUILDIR}/${f}-sample
+.if ${PORT_OPTIONS:MSANCP}
+.for f in log_packets-sancp.sh
+	${INSTALL_SCRIPT} -m 751 ${WRKSRC}/sensor/${f} \
+		${PREFIX}/bin/${SGUILDIR}/${f}
 .endfor
-.if defined(WITH_SANCP)
-.for f in sancp_agent.conf
-	${INSTALL_DATA} ${WRKSRC}/sensor/${f} \
-		${PREFIX}/etc/${SGUILDIR}/${f}-sample
-.endfor
 .for f in sancp.conf
 	${INSTALL_DATA} ${WRKSRC}/sensor/sancp/${f} \
-		${PREFIX}/etc/${f}-sample
-.endfor
-.for f in sancp_agent.tcl
-	${INSTALL_SCRIPT} ${WRKSRC}/sensor/${f} \
-		${PREFIX}/bin/${SGUILDIR}/${f}
-.endfor
-.endif
-.if defined(WITH_PADS)
-.for f in pads_agent.conf
-	${INSTALL_DATA} ${WRKSRC}/sensor/${f} \
 		${PREFIX}/etc/${SGUILDIR}/${f}-sample
 .endfor
-.for f in pads_agent.tcl
-	${INSTALL_SCRIPT} ${WRKSRC}/sensor/${f} \
-		${PREFIX}/bin/${SGUILDIR}/${f}
-.endfor
 .endif
 post-install:
 
-.if !defined(NOPORTDOCS)
+.if ${PORT_OPTIONS:MDOCS}
 	@${MKDIR} ${DOCSDIR}
-	cd ${WRKSRC}/doc && ${INSTALL_DATA} \
-		${PORTDOCS} ${DOCSDIR}
+	cd ${WRKSRC} && ${INSTALL_DATA} ${PORTDOCS1} ${DOCSDIR}
+	cd ${WRKSRC}/sensor && ${INSTALL_DATA} ${PORTDOCS2} ${DOCSDIR}
+	cd ${WRKSRC}/doc && ${INSTALL_DATA} ${PORTDOCS3} ${DOCSDIR}
+.if ${PORT_OPTIONS:MSANCP}
+.for f in README.sancp_indexed_pcap
+	cd ${WRKSRC}/sensor && ${INSTALL_DATA} ${f} ${DOCSDIR}
+.endfor
 .endif
+.endif
 	@${CAT} ${PKGMESSAGE}
 
-.include <bsd.port.post.mk>
+.include <bsd.port.mk>
Index: distinfo
===================================================================
--- distinfo	(revision 309313)
+++ distinfo	(working copy)
@@ -1,2 +1,2 @@
-SHA256 (sguil-sensor-0.7.0.tar.gz) = c6f08b031df9de942fc38b35a4bfc7db13357e61b7290b526bad66fcbe3e4f3b
-SIZE (sguil-sensor-0.7.0.tar.gz) = 68436
+SHA256 (sguil-sensor-0.8.0.tar.gz) = aa4617c4f9cf1d598c6d728afed50cd6f90dc5d1516a6eda8126401b7bba4be5
+SIZE (sguil-sensor-0.8.0.tar.gz) = 142829
Index: files/example_agent.in
===================================================================
--- files/example_agent.in	(revision 309313)
+++ files/example_agent.in	(working copy)
@@ -1,34 +0,0 @@
-#!/bin/sh
-
-# $FreeBSD$
-
-# PROVIDE: example_agent
-# REQUIRE: DAEMON
-# KEYWORD: shutdown
-
-# Add the following line to /etc/rc.conf to enable example_agent:
-# example_agent_enable (bool):	Set to YES to enable example_agent
-# 				Default: NO
-# example_agent_conf (str):	Example_agent configuration file
-#				Default: %%PREFIX%%/etc/%%SGUILDIR%%/example_agent.conf
-# example_agent_flags (str):	Default: -D
-#
-
-. /etc/rc.subr
-
-load_rc_config example_agent
-
-#set defaults
-example_agent_enable=${example_agent_enable:-"NO"}
-example_agent_conf=${example_agent_conf:-"%%PREFIX%%/etc/%%SGUILDIR%%/example_agent.conf"}
-example_agent_flags=${example_agent_flags:-"-D"}
-
-name="example_agent"
-rcvar=example_agent_enable
-command="%%PREFIX%%/bin/%%SGUILDIR%%/example_agent.tcl"
-command_args="-c ${example_agent_conf} ${example_agent_flags}"
-procname="%%PREFIX%%/bin/tclsh8.4"
-pidfile="/var/run/${name}.pid"
-check_pidfile="${pidfile} ${procname} /bin/sh"
-
-run_rc_command "$1"
Index: files/log_packets.conf
===================================================================
--- files/log_packets.conf	(revision 309313)
+++ files/log_packets.conf	(working copy)
@@ -1,35 +0,0 @@
-# Conf file for the log_packets script
-# Make sure you verify the location of
-# each of the binaries on your OS
-
-# Edit these for your setup
-
-# Sensors hostname.
-# Note: If running multiple snort instances, then this must be different
-#       for each instance (ie sensor1, sensor2, sensor-eth0, sensor-eth1, etc)
-HOSTNAME="myhost"
-# Path to snort binary
-SNORT_PATH="/usr/local/bin/snort"
-# Directory to log pcap data to (date dirs will be created in here)
-# Note: The path $HOSTNAME/dailylogs, will be appended to this.
-LOG_DIR="/snort_data"
-# Percentage of disk to try and maintain
-MAX_DISK_USE=90
-# Interface to 'listen' to.
-INTERFACE="eth0"
-# Other options to use when starting snort
-#OPTIONS="-u sguil -g sguil -m 122"
-# Where to store the pid
-PIDFILE="/var/run/snort_log-${HOSTNAME}.pid"
-# How do we run ps
-PS="ps awx"
-# Where is grep
-GREP="/usr/bin/grep"
-#Add BPFs here.
-#The below is an example of a filter for ignoring outbound HTTP from my network
-# to the world.
-#FILTER='not \( src net 67.11.255.148/32 and dst port 80 and "tcp[0:2] > 1024" \) and not \( src port 80 and dst net 67.11.255.148/32 and "tcp[2:2] > 1024"\)'
-
-#Some installs may need these
-#LD_LIBRARY_PATH=/usr/local/lib/mysql
-#export LD_LIBRARY_PATH
Index: files/pads_agent.in
===================================================================
--- files/pads_agent.in	(revision 309313)
+++ files/pads_agent.in	(working copy)
@@ -16,19 +16,51 @@
 
 . /etc/rc.subr
 
-load_rc_config pads_agent
+name="pads_agent"
+rcvar=${name}_enable
+load_rc_config ${name}
 
 #set defaults
-pads_agent_enable=${pads_agent_enable:-"NO"}
-pads_agent_conf=${pads_agent_conf:-"%%PREFIX%%/etc/%%SGUILDIR%%/pads_agent.conf"}
-pads_agent_flags=${pads_agent_flags:-"-D"}
+: ${pads_agent_enable:="NO"}
+: ${pads_agent_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/pads_agent.conf"}
+: ${pads_agent_flags:="-D -c ${pads_agent_conf}"}
 
-name="pads_agent"
-rcvar=pads_agent_enable
 command="%%PREFIX%%/bin/%%SGUILDIR%%/pads_agent.tcl"
-command_args="-c ${pads_agent_conf} ${pads_agent_flags}"
-procname="%%PREFIX%%/bin/tclsh8.4"
+procname="%%PREFIX%%/bin/%%TCLSH%%"
 pidfile="/var/run/${name}.pid"
-check_pidfile="${pidfile} ${procname} /bin/sh"
 
+start_precmd="pads_agent_ck4fifo"
+stop_postcmd="pads_agent_rmfifo"
+
+pads_agent_ck4fifo()
+{
+        LOG_DIR=`grep "LOG_DIR " ${pads_agent_conf} | awk '{print $3}'`
+        HOSTNAME=`grep "HOSTNAME " ${pads_agent_conf} | awk '{print $3}'`
+        PADS_FIFO=${LOG_DIR}/${HOSTNAME}/pads.fifo
+
+        if [ ! -p ${PADS_FIFO} ]; then
+                echo "${PADS_FIFO} does not exist.  Creating now....."
+                /usr/bin/mkfifo ${PADS_FIFO}
+        fi
+        echo "Checking for ${PADS_FIFO}...."
+        if [ -p ${PADS_FIFO} ]; then
+                echo "Confirmed!  ${PADS_FIFO} exists."
+        else
+                echo "I tried to create ${PADS_FIFO} and failed."
+                echo "You will need to create it manually before starting ${name}."
+        fi
+}
+
+pads_agent_rmfifo()
+{
+        LOG_DIR=`grep "LOG_DIR " ${pads_agent_conf} | awk '{print $3}'`
+        HOSTNAME=`grep "HOSTNAME " ${pads_agent_conf} | awk '{print $3}'`
+        PADS_FIFO=${LOG_DIR}/${HOSTNAME}/pads.fifo
+
+        if [ -p ${PADS_FIFO} ]; then
+                /bin/rm ${PADS_FIFO}
+                echo "Removing ${PADS_FIFO}...."
+        fi
+}
+
 run_rc_command "$1"
Index: files/patch-log_packets.sh
===================================================================
--- files/patch-log_packets.sh	(revision 309313)
+++ files/patch-log_packets.sh	(working copy)
@@ -1,50 +0,0 @@
---- sensor/log_packets.sh.orig	2008-04-03 22:16:22.000000000 -0500
-+++ sensor/log_packets.sh	2008-04-03 22:22:20.000000000 -0500
-@@ -22,38 +22,16 @@
- #                                                            #
- ##############################################################
- 
-+# You shouldn't need to edit anything in this script
- 
--# Edit these for your setup
--
--# Sensors hostname.
--# Note: If running multiple snort instances, then this must be different
--#       for each instance (ie sensor1, sensor2, sensor-eth0, sensor-eth1, etc)
--HOSTNAME="myhost"
--# Path to snort binary
--SNORT_PATH="/usr/local/bin/snort"
--# Directory to log pcap data to (date dirs will be created in here)
--# Note: The path $HOSTNAME/dailylogs, will be appended to this.
--LOG_DIR="/snort_data"
--# Percentage of disk to try and maintain
--MAX_DISK_USE=90
--# Interface to 'listen' to.
--INTERFACE="eth0"
--# Other options to use when starting snort
--#OPTIONS="-u sguil -g sguil -m 122"
--# Where to store the pid
--PIDFILE="/var/run/snort_log-${HOSTNAME}.pid"
--# How do we run ps
--PS="ps awx"
--# Where is grep
--GREP="/usr/bin/grep"
--#Add BPFs here.
--#The below is an example of a filter for ignoring outbound HTTP from my network
--# to the world.
--#FILTER='not \( src net 67.11.255.148/32 and dst port 80 and "tcp[0:2] > 1024" \) and not \( src port 80 and dst net 67.11.255.148/32 and "tcp[2:2] > 1024"\)'
--
--#Some installs may need these
--#LD_LIBRARY_PATH=/usr/local/lib/mysql
--#export LD_LIBRARY_PATH
-+CONF=/usr/local/etc/sguil-sensor/log_packets.conf
-+if [ -r ${CONF} ]; then
-+  . ${CONF}
-+else
-+  echo "Your conf file is either missing or the path "
-+  echo "in the log_packets.sh script is incorrect."
-+  exit 1
-+fi
- 
- TZ=GMT
- export TZ
Index: files/patch-ossec_agent.tcl
===================================================================
--- files/patch-ossec_agent.tcl	(revision 0)
+++ files/patch-ossec_agent.tcl	(working copy)
@@ -0,0 +1,30 @@
+--- contrib/ossec_agent/ossec_agent.tcl.orig	2012-12-17 22:47:18.000000000 +0000
++++ contrib/ossec_agent/ossec_agent.tcl	2012-12-17 22:48:45.000000000 +0000
+@@ -1,6 +1,4 @@
+ #!/bin/sh
+-# Run tcl from users PATH \
+-exec tclsh "$0" "$@"
+ 
+ # OSSEC agent for Sguil 0.7.0.  Based on the "example_agent.tcl" code
+ # distributed with sguil.  
+@@ -593,9 +591,9 @@
+ if { ![info exists CONF_FILE] } {
+ 
+     # No conf file specified check the defaults
+-    if { [file exists /etc/ossec_agent.conf] } {
++    if { [file exists /usr/local/etc/sguil-sensor/ossec_agent.conf] } {
+ 
+-        set CONF_FILE /etc/ossec_agent.conf
++        set CONF_FILE /usr/local/etc/sguil-sensor/ossec_agent.conf
+ 
+     } elseif { [file exists ./ossec_agent.conf] } {
+ 
+@@ -604,7 +602,7 @@
+     } else {
+ 
+         puts "Couldn't determine where the ossec_agent.tcl config file is"
+-        puts "Looked for /etc/ossec_agent.conf and ./ossec_agent.conf."
++        puts "Looked for /usr/local/etc/sguil-sensor/ossec_agent.conf and ./ossec_agent.conf."
+         DisplayUsage $argv0
+ 
+     }
Index: files/patch-pads_agent.tcl
===================================================================
--- files/patch-pads_agent.tcl	(revision 0)
+++ files/patch-pads_agent.tcl	(working copy)
@@ -0,0 +1,39 @@
+--- pads_agent.tcl.orig	2012-12-19 21:25:26.000000000 +0000
++++ pads_agent.tcl	2012-12-19 21:27:37.000000000 +0000
+@@ -1,6 +1,4 @@
+ #!/bin/sh
+-# Run tcl from users PATH \
+-exec tclsh "$0" "$@"
+ 
+ # $Id: pads_agent.tcl,v 1.13 2011/02/17 02:55:48 bamm Exp $ #
+ 
+@@ -332,7 +330,7 @@
+   id process group set
+   if {[fork]} {exit 0}
+   set PID [id process]
+-  if { ![info exists PID_FILE] } { set PID_FILE "/var/run/sensor_agent.pid" }
++  if { ![info exists PID_FILE] } { set PID_FILE "/var/run/pads_agent.pid" }
+   set PID_DIR [file dirname $PID_FILE]
+   if { ![file exists $PID_DIR] || ![file isdirectory $PID_DIR] || ![file writable $PID_DIR] } {
+     puts "ERROR: Directory $PID_DIR does not exists or is not writable."
+@@ -380,16 +378,16 @@
+   }
+ }
+ # Parse the config file here
+-# Default location is /etc/pads_agent.conf or pwd
++# Default location is /usr/local/etc/sguil-sensor/pads_agent.conf or pwd
+ if { ![info exists CONF_FILE] } {
+   # No conf file specified check the defaults
+-  if { [file exists /etc/pads_agent.conf] } {
+-    set CONF_FILE /etc/pads_agent.conf
++  if { [file exists /usr/local/etc/sguil-sensor/pads_agent.conf] } {
++    set CONF_FILE /usr/local/etc/sguil-sensor/pads_agent.conf
+   } elseif { [file exists ./pads_agent.conf] } {
+     set CONF_FILE ./pads_agent.conf
+   } else {
+     puts "Couldn't determine where the sensor_agent.tcl config file is"
+-    puts "Looked for /etc/pads_agent.conf and ./pads_agent.conf."
++    puts "Looked for /usr/local/etc/sguil-sensor/pads_agent.conf and ./pads_agent.conf."
+     DisplayUsage $argv0
+   }
+ }
Index: files/patch-pcap_agent-sancp.tcl
===================================================================
--- files/patch-pcap_agent-sancp.tcl	(revision 0)
+++ files/patch-pcap_agent-sancp.tcl	(working copy)
@@ -0,0 +1,35 @@
+--- pcap_agent-sancp.tcl.orig	2012-12-17 22:36:43.000000000 +0000
++++ pcap_agent-sancp.tcl	2012-12-17 22:38:22.000000000 +0000
+@@ -1,6 +1,4 @@
+ #!/bin/sh
+-# Run tcl from users PATH \
+-exec tclsh "$0" "$@"
+ 
+ # $Id: pcap_agent-sancp.tcl,v 1.2 2008/05/29 19:25:50 hanashi Exp $ #
+ 
+@@ -754,13 +752,13 @@
+ }
+ 
+ # Parse the config file here
+-# Default location is /etc/pcap_agent.conf or pwd
++# Default location is /usr/local/etc/sguil-sensor/pcap_agent.conf or pwd
+ if { ![info exists CONF_FILE] } {
+ 
+     # No conf file specified check the defaults
+-    if { [file exists /etc/pcap_agent.conf] } {
++    if { [file exists /usr/local/etc/sguil-sensor/pcap_agent.conf] } {
+ 
+-        set CONF_FILE /etc/pcap_agent.conf
++        set CONF_FILE /usr/local/etc/sguil-sensor/pcap_agent.conf
+ 
+     } elseif { [file exists ./pcap_agent.conf] } {
+ 
+@@ -769,7 +767,7 @@
+     } else {
+ 
+         puts "Couldn't determine where the pcap_agent.tcl config file is"
+-        puts "Looked for /etc/pcap_agent.conf and ./pcap_agent.conf."
++        puts "Looked for /usr/local/etc/sguil-sensor/pcap_agent.conf and ./pcap_agent.conf."
+         DisplayUsage $argv0
+ 
+     }
Index: files/patch-pcap_agent.tcl
===================================================================
--- files/patch-pcap_agent.tcl	(revision 0)
+++ files/patch-pcap_agent.tcl	(working copy)
@@ -0,0 +1,35 @@
+--- pcap_agent.tcl.orig	2012-12-17 22:31:44.000000000 +0000
++++ pcap_agent.tcl	2012-12-17 22:42:50.000000000 +0000
+@@ -1,6 +1,4 @@
+ #!/bin/sh
+-# Run tcl from users PATH \
+-exec tclsh "$0" "$@"
+ 
+ # $Id: pcap_agent.tcl,v 1.13 2011/03/10 22:03:33 bamm Exp $ #
+ 
+@@ -771,13 +769,13 @@
+ }
+ 
+ # Parse the config file here
+-# Default location is /etc/pcap_agent.conf or pwd
++# Default location is /usr/local/etc/sguil-sensor/pcap_agent.conf or pwd
+ if { ![info exists CONF_FILE] } {
+ 
+     # No conf file specified check the defaults
+-    if { [file exists /etc/pcap_agent.conf] } {
++    if { [file exists /usr/local/etc/sguil-sensor/pcap_agent.conf] } {
+ 
+-        set CONF_FILE /etc/pcap_agent.conf
++        set CONF_FILE /usr/local/etc/sguil-sensor/pcap_agent.conf
+ 
+     } elseif { [file exists ./pcap_agent.conf] } {
+ 
+@@ -786,7 +784,7 @@
+     } else {
+ 
+         puts "Couldn't determine where the pcap_agent.tcl config file is"
+-        puts "Looked for /etc/pcap_agent.conf and ./pcap_agent.conf."
++        puts "Looked for /usr/local/etc/sguil-sensor/pcap_agent.conf and ./pcap_agent.conf."
+         DisplayUsage $argv0
+ 
+     }
Index: files/patch-sancp_agent.tcl
===================================================================
--- files/patch-sancp_agent.tcl	(revision 0)
+++ files/patch-sancp_agent.tcl	(working copy)
@@ -0,0 +1,30 @@
+--- sancp_agent.tcl.orig	2012-12-17 22:43:39.000000000 +0000
++++ sancp_agent.tcl	2012-12-17 22:44:56.000000000 +0000
+@@ -1,6 +1,4 @@
+ #!/bin/sh
+-# Run tcl from users PATH \
+-exec tclsh "$0" "$@"
+ 
+ # $Id: sancp_agent.tcl,v 1.15 2011/03/10 22:03:33 bamm Exp $ #
+ 
+@@ -582,16 +580,16 @@
+   }
+ }
+ # Parse the config file here
+-# Default location is /etc/sancp_agent.conf or pwd
++# Default location is /usr/local/etc/sguil-sensor/sancp_agent.conf or pwd
+ if { ![info exists CONF_FILE] } {
+   # No conf file specified check the defaults
+-  if { [file exists /etc/sancp_agent.conf] } {
+-    set CONF_FILE /etc/sancp_agent.conf
++  if { [file exists /usr/local/etc/sguil-sensor/sancp_agent.conf] } {
++    set CONF_FILE /usr/local/etc/sguil-sensor/sancp_agent.conf
+   } elseif { [file exists ./sancp_agent.conf] } {
+     set CONF_FILE ./sancp_agent.conf
+   } else {
+     puts "Couldn't determine where the sancp_agent.tcl config file is"
+-    puts "Looked for /etc/sancp_agent.conf and ./sancp_agent.conf."
++    puts "Looked for /usr/local/etc/sguil-sensor/sancp_agent.conf and ./sancp_agent.conf."
+     DisplayUsage $argv0
+   }
+ }
Index: files/patch-snort_agent.tcl
===================================================================
--- files/patch-snort_agent.tcl	(revision 0)
+++ files/patch-snort_agent.tcl	(working copy)
@@ -0,0 +1,35 @@
+--- snort_agent.tcl.orig	2012-12-17 22:33:35.000000000 +0000
++++ snort_agent.tcl	2012-12-17 22:39:39.000000000 +0000
+@@ -1,6 +1,4 @@
+ #!/bin/sh
+-# Run tcl from users PATH \
+-exec tclsh "$0" "$@"
+ 
+ # $Id: snort_agent.tcl,v 1.9 2011/02/17 02:55:48 bamm Exp $ #
+ 
+@@ -680,13 +678,13 @@
+ }
+ 
+ # Parse the config file here
+-# Default location is /etc/snort_agent.conf or pwd
++# Default location is /usr/local/etc/sguil-sensor/snort_agent.conf or pwd
+ if { ![info exists CONF_FILE] } {
+ 
+     # No conf file specified check the defaults
+-    if { [file exists /etc/snort_agent.conf] } {
++    if { [file exists /usr/local/etc/sguil-sensor/snort_agent.conf] } {
+ 
+-        set CONF_FILE /etc/snort_agent.conf
++        set CONF_FILE /usr/local/etc/sguil-sensor/snort_agent.conf
+ 
+     } elseif { [file exists ./snort_agent.conf] } {
+ 
+@@ -695,7 +693,7 @@
+     } else {
+ 
+         puts "Couldn't determine where the snort_agent.tcl config file is"
+-        puts "Looked for /etc/snort_agent.conf and ./snort_agent.conf."
++        puts "Looked for /usr/local/etc/sguil-sensor/snort_agent.conf and ./snort_agent.conf."
+         DisplayUsage $argv0
+ 
+     }
Index: files/pcap_agent-sancp.in
===================================================================
--- files/pcap_agent-sancp.in	(revision 0)
+++ files/pcap_agent-sancp.in	(working copy)
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+# $FreeBSD: head/security/sguil-sensor/files/pcap_agent-sancp.in 302141 2012-08-05 23:19:36Z dougb $
+
+# PROVIDE: pcap_agent-sancp
+# REQUIRE: DAEMON
+# KEYWORD: shutdown
+
+# Add the following line to /etc/rc.conf to enable pcap_agent-sancp:
+# pcap_agent-sancp_enable (bool):	Set to YES to enable pcap_agent-sancp
+# 				Default: NO
+# pcap_agent-sancp_conf (str):	Pads_agent configuration file
+#				Default: %%PREFIX%%/etc/%%SGUILDIR%%/pcap_agent-sancp.conf
+# pcap_agent-sancp_flags (str):	Default: -D
+#
+
+. /etc/rc.subr
+
+name="pcap_agent-sancp"
+rcvar=pcap_agent-sancp_enable
+load_rc_config pcap_agent-sancp
+
+#set defaults
+: ${pcap_agent-sancp_enable:="NO"}
+: ${pcap_agent-sancp_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/pcap_agent-sancp.conf"}
+: ${pcap_agent-sancp_flags:="-D -c ${pcap_agent-sancp_conf}"}
+
+command="%%PREFIX%%/bin/%%SGUILDIR%%/pcap_agent-sancp.tcl"
+procname="%%PREFIX%%/bin/%%TCLSH%%"
+pidfile="/var/run/${name}.pid"
+
+run_rc_command "$1"
Index: files/pcap_agent.in
===================================================================
--- files/pcap_agent.in	(revision 309313)
+++ files/pcap_agent.in	(working copy)
@@ -16,19 +16,17 @@
 
 . /etc/rc.subr
 
+name="pcap_agent"
+rcvar=pcap_agent_enable
 load_rc_config pcap_agent
 
 #set defaults
-pcap_agent_enable=${pcap_agent_enable:-"NO"}
-pcap_agent_conf=${pcap_agent_conf:-"%%PREFIX%%/etc/%%SGUILDIR%%/pcap_agent.conf"}
-pcap_agent_flags=${pcap_agent_flags:-"-D"}
+: ${pcap_agent_enable:="NO"}
+: ${pcap_agent_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/pcap_agent.conf"}
+: ${pcap_agent_flags:="-D -c ${pcap_agent_conf}"}
 
-name="pcap_agent"
-rcvar=pcap_agent_enable
 command="%%PREFIX%%/bin/%%SGUILDIR%%/pcap_agent.tcl"
-command_args="-c ${pcap_agent_conf} ${pcap_agent_flags}"
-procname="%%PREFIX%%/bin/tclsh8.4"
+procname="%%PREFIX%%/bin/%%TCLSH%%"
 pidfile="/var/run/${name}.pid"
-check_pidfile="${pidfile} ${procname} /bin/sh"
 
 run_rc_command "$1"
Index: files/pkg-message.in
===================================================================
--- files/pkg-message.in	(revision 309313)
+++ files/pkg-message.in	(working copy)
@@ -2,13 +2,11 @@
             * !!!!!!!!!!! WARNING !!!!!!!!!!! *
             ***********************************
 
-If you already had barnyard installed, this port will NOT deinstall
-it and install the barnyard-sguil6 port instead.  You will need to
-deinstall the barnyard port and install the barnyard-sguil6 port yourself
-instead.  This port WILL NOT WORK without the barnyard-sguil6 port!!
+If you already had barnyard2 installed, this port will NOT deinstall
+it and install the barnyard2-sguil port instead.  You will need to
+deinstall the barnyard2 port and install the barnyard2-sguil port yourself
+instead.  This port WILL NOT WORK without the barnyard2-sguil port!!
 
-You MUST edit the log_packets.conf file (located in %%PREFIX%%/etc/%%SGUILDIR%%)
-to fit your configuration before running the log_packets.sh script.
 See the %%DOCSDIR%%/INSTALL doc for details on the 
 configuration and for croning the script.  
 
@@ -16,13 +14,18 @@
 quickly.  You should probably configure sguil et al to log to
 another partition/location (e.g. /nsm/tmp/).
 
-You must ALSO edit all of the sensor conf fileis (located in 
+You must ALSO edit all of the sensor conf files (located in 
 %%PREFIX%%/%%SGUILDIR%%/etc/) to reflect your configuration before 
 starting the sensor_agents.
 
+A number of ancilliary things have been installed in
+%%PREFIX%%/share/%%SGUILDIR%%.
+
 If you chose to run sancp, and you already had a sancp.conf file in
 %%PREFIX%%/etc, copy it to sancp.conf.orig before creating the new one.
-The new sancp.conf-sample file contains the settings for squil.
-If you still want to maintain the customized sancp.conf file, then copy 
-the new sancp.conf-sample file to sguild-sancp.conf (for example) and 
-add sancp_conf=%%PREFIX%%/etc/sguild-sancp.conf to /etc/rc.conf.
+The new sancp.conf-sample file contains the settings for squil. NOTE:
+the conf file is for sancp 1.5.3.  It may need additional edits to work
+with the current ports version of sancp. If you still want to maintain
+the customized sancp.conf file, then copy the new sancp.conf-sample
+file to sguild-sancp.conf (for example) and add 
+sancp_conf=%%PREFIX%%/etc/sguild-sancp.conf to /etc/rc.conf.
Index: files/sancp_agent.in
===================================================================
--- files/sancp_agent.in	(revision 309313)
+++ files/sancp_agent.in	(working copy)
@@ -16,19 +16,17 @@
 
 . /etc/rc.subr
 
+name="sancp_agent"
+rcvar=sancp_agent_enable
 load_rc_config sancp_agent
 
 #set defaults
-sancp_agent_enable=${sancp_agent_enable:-"NO"}
-sancp_agent_conf=${sancp_agent_conf:-"%%PREFIX%%/etc/%%SGUILDIR%%/sancp_agent.conf"}
-sancp_agent_flags=${sancp_agent_flags:-"-D"}
+: ${sancp_agent_enable:="NO"}
+: ${sancp_agent_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/sancp_agent.conf"}
+: ${sancp_agent_flags:="-D -c ${sancp_agent_conf}"}
 
-name="sancp_agent"
-rcvar=sancp_agent_enable
 command="%%PREFIX%%/bin/%%SGUILDIR%%/sancp_agent.tcl"
-command_args="-c ${sancp_agent_conf} ${sancp_agent_flags}"
-procname="%%PREFIX%%/bin/tclsh8.4"
+procname="%%PREFIX%%/bin/%%TCLSH%%"
 pidfile="/var/run/${name}.pid"
-check_pidfile="${pidfile} ${procname} /bin/sh"
 
 run_rc_command "$1"
Index: files/snort_agent.in
===================================================================
--- files/snort_agent.in	(revision 309313)
+++ files/snort_agent.in	(working copy)
@@ -16,19 +16,17 @@
 
 . /etc/rc.subr
 
+name="snort_agent"
+rcvar=snort_agent_enable
 load_rc_config snort_agent
 
 #set defaults
-snort_agent_enable=${snort_agent_enable:-"NO"}
-snort_agent_conf=${snort_agent_conf:-"%%PREFIX%%/etc/%%SGUILDIR%%/snort_agent.conf"}
-snort_agent_flags=${snort_agent_flags:-"-D"}
+: ${snort_agent_enable:="NO"}
+: ${snort_agent_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/snort_agent.conf"}
+: ${snort_agent_flags:="-D -c ${snort_agent_conf}"}
 
-name="snort_agent"
-rcvar=snort_agent_enable
 command="%%PREFIX%%/bin/%%SGUILDIR%%/snort_agent.tcl"
-command_args="-c ${snort_agent_conf} ${snort_agent_flags}"
-procname="%%PREFIX%%/bin/tclsh8.4"
+procname="%%PREFIX%%/bin/%%TCLSH%%"
 pidfile="/var/run/${name}.pid"
-check_pidfile="${pidfile} ${procname} /bin/sh"
 
 run_rc_command "$1"
Index: pkg-descr
===================================================================
--- pkg-descr	(revision 309313)
+++ pkg-descr	(working copy)
@@ -4,7 +4,7 @@
 (www.tcl.tk). Sguil also relies on other open source software
 in order to function properly.
 
-The sensor list includes security/barnyard, security/snort, 
+The sensor list includes security/barnyard2-sguil, security/snort, 
 security/sancp, net-mgmt/pads, tcpdump (a part of the OS) 
 and devel/tcltls as well as lang/tcl84 and lang/tclX.  Care 
 has been taken to ensure that everything you need to build 
@@ -15,4 +15,3 @@
 rule management capabilities.
 
 WWW: http://sguil.sourceforge.net/index.php
-pauls@utdallas.edu
Index: pkg-plist
===================================================================
--- pkg-plist	(revision 309313)
+++ pkg-plist	(working copy)
@@ -1,15 +1,41 @@
+bin/%%SGUILDIR%%/log_packets-daemonlogger.sh
 bin/%%SGUILDIR%%/log_packets.sh
-bin/%%SGUILDIR%%/example_agent.tcl
 bin/%%SGUILDIR%%/pcap_agent.tcl
 bin/%%SGUILDIR%%/snort_agent.tcl
-etc/%%SGUILDIR%%/example_agent.conf-sample
 etc/%%SGUILDIR%%/pcap_agent.conf-sample
 etc/%%SGUILDIR%%/snort_agent.conf-sample
-etc/%%SGUILDIR%%/log_packets.conf-sample
+%%DOCSDIR%%/CHANGES
+%%DOCSDIR%%/FAQ
+%%DOCSDIR%%/INSTALL
+%%DOCSDIR%%/INSTALL.openbsd
+%%DOCSDIR%%/OPENSSL.README
+%%DOCSDIR%%/README
+%%DOCSDIR%%/README.daemonlogger
+%%DOCSDIR%%/TODO
+%%DOCSDIR%%/UPGRADE
+%%DOCSDIR%%/USAGE
+%%DOCSDIR%%/sguildb.dia
+share/%%SGUILDIR%%/contrib/ossec_agent/README
+share/%%SGUILDIR%%/contrib/ossec_agent/ossec_agent.conf
+share/%%SGUILDIR%%/contrib/ossec_agent/ossec_agent.tcl
+share/%%SGUILDIR%%/contrib/portscan_loader/Makefile
+share/%%SGUILDIR%%/contrib/portscan_loader/portscan_loader.c
+share/%%SGUILDIR%%/init/sensoragent
 %%USEPADS%%bin/%%SGUILDIR%%/pads_agent.tcl
 %%USEPADS%%etc/%%SGUILDIR%%/pads_agent.conf-sample
-%%USESANCP%%etc/sancp.conf-sample
+%%USESANCP%%bin/%%SGUILDIR%%/log_packets-sancp.sh
+%%USESANCP%%bin/%%SGUILDIR%%/pcap_agent-sancp.tcl
 %%USESANCP%%bin/%%SGUILDIR%%/sancp_agent.tcl
 %%USESANCP%%etc/%%SGUILDIR%%/sancp_agent.conf-sample
+%%USESANCP%%etc/%%SGUILDIR%%/sancp-indexed.conf-sample
+%%USESANCP%%etc/%%SGUILDIR%%/pcap_agent-sancp.conf-sample
+%%USESANCP%%etc/%%SGUILDIR%%/sancp.conf-sample
+%%USESANCP%%%%DOCSDIR%%/README.sancp_indexed_pcap
+@dirrm share/%%SGUILDIR%%/init
+@dirrm share/%%SGUILDIR%%/contrib/portscan_loader
+@dirrm share/%%SGUILDIR%%/contrib/ossec_agent
+@dirrm share/%%SGUILDIR%%/contrib
+@dirrm share/%%SGUILDIR%%
+@dirrmtry etc/%%SGUILDIR%%
 @dirrm bin/%%SGUILDIR%%
-@dirrmtry etc/%%SGUILDIR%%
+@dirrm %%DOCSDIR%%
--- sguil-sensor.diff ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20121220154117.B36A3DCA82A>